
2019 Malware Trends to Watch

Malware authors continue to innovate, find new infection vectors and better obfuscate their wares. Heading into 2019, you can bet that cybercriminals will do everything in their power to become even more effective and virulent. Here are 10 top malware trends to watch for in the New Year.

Wipers

Shamoon, Black Energy, Destover, ExPetr/Not Petya and Olympic Destroyer: All of these wiper malwares, and others like them, have a singular purpose of destroying systems and/or data, usually causing great financial and reputational damage to victim companies. The actors behind this kind of code might be bent on sending a political message, physical sabotage or simply wanting to cover their tracks after data exfiltration. Shamoon 3 recently appeared, so it’s likely that wipers will continue to be an area to watch in 2019.

Fileless Malware

Fileless malware infects targeted computers while leaving no artifacts on the local hard drive, making it easy to sidestep traditional signature-based security and forensics tools. Typical attacks exploit vulnerabilities in browsers and associated programs (Java, Flash or PDF readers), or arrive via phishing efforts. Fileless malware attacks nearly doubled in the first half of 2018 alone, according to SentinelOne, and are sure to plague 2019 too.

Emotet

Emotet was once a simple banking trojan – but has now evolved to become a full-scale threat-delivery service, with the ability to leverage third-party, open-source code libraries. It recently added a mass email-harvesting module and macro obfuscation, and it continues to be one of the most prevalent malwares out there. Expect it to continue to add new capabilities in the new year.

Botnets

In 2018, botnets evolved to target different types of devices, such as carrier-grade MikroTik hardware, and there was also a host of new types of criminal activity, with botherders creating new botnet malwares with modular architectures to do everything from DDoSing targets to spreading secondary malware. New types of configurations surfaced, like self-organizing botnet swarms, and there was increased law enforcement interest – all trends that are expected to continue into 2019.

APT Malware

Nation-state-backed actors continue to operate from the shadows, challenging researchers in attribution and looking to stay as stealthy as possible in order to carry out their espionage efforts. Custom malware is very much a part of the APT scene (although a move to commercial tools has also been spotted), and APTs like Sofacy are actively evolving their code. In 2019, expect APTs to continue to upgrade their bag of tricks to increase the effectiveness of their campaigns.

Ransomware

Attackers behind ransomware incidents are growing smarter and more savvy – as we saw in 2018, in the cases of the Atlanta ransomware attack and the Onslow Water and Sewer Authority (OWASA) ransomware attack. Experts say the attackers behind these attacks did their homework by picking a number that they know the victim can afford to pay, or, in the case of OWASA, a time period (after Hurricane Florence hit) when the water utility was most needed.

Cryptomining Malware

Cryptominers dominated malware growth in 2018, with attacks increasing by more than 83 percent in the past year according to researchers at Kaspersky Lab, and more than 5 million people attacked with the malware in the first three quarters of 2018. Criminals using this type of malware profited off cryptojacking attacks on the websites of organizations like Make-A-Wish International or the LA Times. With new variants like MassMiner and the Kitty cryptomining malware bursting onto the scene, experts say that cryptominers aren’t going anywhere.

Card-Skimming Malware

Card-skimming malware has been getting more popular over the past year and that will continue into 2019, according to researchers at RiskIQ who track the Magecart group, a common user of skimmers. In fact, in the past year, 45.8 million records were stolen from in-person transactions using card-skimming malware and point-of-sale (POS) breaches. Threat actors targeted firms like retailers, hotels and restaurants – including Chili’s and Cheddar’s Scratch Kitchen, which were both impacted by payment-card data breaches this year.

Malvertising

Malvertising continues to gain traction as we move into 2019. 2018 saw campaigns with far-reaching consequences: One campaign targeting iOS devices hijacked a whopping 300 million browser sessions in just 48 hours, while another posed as a legitimate website publisher on the AdsTerra online advertising network, instead using maliciously gathered traffic to deliver victims to exploit kits.

Pushing the Steganography Boundaries

Steganography, or “stegware,” has been gaining traction according to Simon Wiseman, chief technology officer of Deep Secure, as more malware payloads hide from traditional anti-virus protection when delivered buried inside images, documents or pixels. But in 2018 and moving forward, bad actors are looking to push the limits of stegware by using even newer formats – most recently, a new type of malware even received instructions via hidden code embedded in memes posted to Twitter.

Authors

Threatpost
